This story just gets better and better. First it was 7 million, now it’s 25 million - the names, addresses and dates of birth for every child in the UK, and bank account and National Insurance numbers of their parents burnt onto two CDs and sent off in the internal post, only to be lost in transit.
A few things strike me here. First is that there’s one person stupid enough not to realise that this might not be such a good idea, and that self-same person has the admin privileges to be able to dump 25 million records onto a CD. Or perhaps there’s a whole management chain of command who were just cool with the whole idea, and felt that this was perfectly normal and OK. Then there’s the fact that the data wasn’t encrypted in any way - the press reports talk about the CDs being “password protected” rather than encrypted, which I would lay good money means a password-protected zip file. And that’s before you think about that much data being casually flung around in an internal mail system - brown transit envelopes with scribbled-out names in boxes. Two CDs is just over a gigabyte of data, which could be transferred in minutes over an SSL-encrypted private line.
Being a cynical type, I wouldn’t be entirely surprised if the discs had arrived, and had just got lost - they’re probably sat in the bottom of someone’s in-tray right now, assuming that the recipient hadn’t turned them up after the shit hit the fan and immediately dropped them into the bottom of the nearest canal to avoid the bollocking of their career. After all, it’s not every lost envelope that results in the abrupt end of the chairman’s career, is it?
The actual risk to anyone’s data, let alone their bank account, is pretty low. But this couldn’t have come at a better time - ID cards are becoming more and more of a hot topic, then there’s the Spine onto which all our medical records are supposedly going to be loaded. The sight of Alistair Darling standing on his hind legs behind the dispatch box and attempting to make out that somehow, ID cards would be the answer to this problem because they are biometric means one of two things - either he’s even more stupid and cretinous than I would otherwise have believed possible (and given that he’s a NuLabour cabinet minister, that’s not entirely ruled out); or he’s the kind of cynical power-grabbing control freak whose hands should be nowhere near the levers of power. Actually, he was more likely to be regurgitating a briefing from his civil servants - and given that the drivers of the database state have all had and continue to have conflicting interests in devising these kinds of monumental IT projects (Private Eyes ad nauseum if you don’t believe me) we can be pretty sure that this particular reassurance is utter, gold-plated bollocks.
It’s made my mind up - there’s no way I’m giving implied consent for my medical records to be uploaded onto the Spine. And I’m upping my donation to the Open Rights Group and No2ID, because the next time shit like this happens it’s likely to be a whole lot more serious than names and addresses and bank account numbers. I’m less worried about tinfoil-hatted conspiracy theories about how ID cards are a tool of the New World Order than I am about simple, time-honoured bureaucratic cock-ups - if my ability to exist in a civilised society rests with the integrity of a record that has had EDS and the Home Office anywhere near it, then I’m scared.